The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.

热门Node.js库vm2被曝出严重沙箱逃逸漏洞CVE-2026-22709，CVSS评分9.8分。该漏洞源于Promise处理程序的不当清理，攻击者可利用此漏洞逃脱沙箱并在底层操作系统执行任意代码。漏洞已在3.10.2版本中修复，但这是该库近年来遭遇的一系列沙箱逃逸漏洞之一。维护者建议用户及时更新并考虑使用isolated-vm等更安全的替代方案。

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

A day ago, the Denver Broncos were able to celebrate advancing to the AFC championship game courtesy of a controversial interception from Ja'Quan McMillan. One day later, the Chicago Bears thought ...

Older Americans making catch-up contributions to their 401(k) plans could be hit with a higher tax bill this year. Under a law that went into effect on Jan. 1, higher-income workers making catch-up ...

On January 7, OpenAI announced the launch of ChatGPT Health, a new tool developed in collaboration with physicians to help people better understand and manage their health and well-being. According to ...

The cryptocurrency market is showing strong momentum in early 2026, with total market capitalization surpassing $3.15 trillion and daily trading volumes exceeding $110 billion, driven by renewed ...